ldns-verifyzone(1)          General Commands Manual         ldns-verifyzone(1)

NAME

       ldns-verify-zone - read a DNSSEC signed zone and verify it.

SYNOPSIS

       ldns-verify-zone ZONEFILE

DESCRIPTION

       ldns-verify-zone reads a DNS zone file and verifies it.

       RRSIG resource records are checked against the DNSKEY set at the zone
       apex.

       Each name is checked for an NSEC(3), if appropriate.

OPTIONS

       -h     Show usage and exit

       -a     Apex only, check only the zone apex

       -e period
              Signatures may not expire within this period.  By default no
              period is used.

       -i period
              Signatures must have been valid at least this long.  By default
              signatures only need to be valid now.

       -k file
              A file that contains a trusted DNSKEY or DS RR.  This option may
              be given more than once.

              Alternatively, if -k is not specified, and a default trust
              anchor (/var/lib/unbound/root.key) exists and contains a valid
              DNSKEY or DS record, it will be used as the trust anchor.

       -p [0-100]
              Only check this percentage of the zone.  Which names to check is
              determined randomly.  Defaults to 100.

       -S     Chase signature(s) to a known key.  The network may be accessed
              to validate the zone's DNSKEYs. (implies -k)

       -t YYYYMMDDhhmmss | [+|-]offset
              Set the validation time either by an absolute time value or as
              an offset in seconds from the current time.

       -v     Show the version and exit

       -V number
              Set the verbosity level (default 3):

               0: Be silent
               1: Print result, and any errors
               2: Same as 1 for now
               3: Print result, any errors, and the names that are
                  being checked
               4: Same as 3 for now
               5: Print the zone after it has been read, the result,
                  any errors, and the names that are being checked

       Periods are given in ISO 8601 duration format:
              P[n]Y[n]M[n]DT[n]H[n]M[n]S

       If no file is given, standard input is read.
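
A pre-publication gate built from the -e, -i, -k and -V options above. This is an added example, not part of the original man page or the ldns project. It assumes the tool exits non-zero when verification fails; `LDNS_VERIFY_ZONE`, `valid_period`, `check_zone` and the file names are hypothetical.

```shell
#!/bin/sh
# Added example: gate a signed zone on ldns-verify-zone before it is published.
# Assumption: the tool exits 0 only when verification succeeds.

# Path to the binary; LDNS_VERIFY_ZONE is a hypothetical override variable.
LDNS_VERIFY_ZONE="${LDNS_VERIFY_ZONE:-ldns-verify-zone}"

# valid_period STRING
# Accept only the form on the man page, P[n]Y[n]M[n]DT[n]H[n]M[n]S, with at
# least one component. Stricter than the tool's own parser may be (assumption).
valid_period() {
    case "$1" in
        ''|P|*T|*[!0-9PYMDTHS]*) return 1 ;;  # empty, bare "P", dangling "T", stray bytes
    esac
    printf '%s\n' "$1" |
        grep -Eq '^P([0-9]+Y)?([0-9]+M)?([0-9]+D)?(T([0-9]+H)?([0-9]+M)?([0-9]+S)?)?$'
}

# check_zone ZONEFILE ANCHOR EXPIRE_MARGIN [MIN_AGE]
# Returns the tool's exit status, or 2 when an argument is rejected up front.
check_zone() {
    zone=$1 anchor=$2 margin=$3 age=${4:-}
    [ -r "$zone" ]   || { echo "cannot read zone file: $zone" >&2; return 2; }
    [ -r "$anchor" ] || { echo "cannot read trust anchor: $anchor" >&2; return 2; }
    valid_period "$margin" || { echo "bad -e period: $margin" >&2; return 2; }

    # -V 1: print the result and any errors only; -k: explicit trust anchor
    # instead of the default /var/lib/unbound/root.key; -e: expiry margin.
    set -- -V 1 -k "$anchor" -e "$margin"
    if [ -n "$age" ]; then
        valid_period "$age" || { echo "bad -i period: $age" >&2; return 2; }
        set -- "$@" -i "$age"       # signatures must already be valid this long
    fi
    "$LDNS_VERIFY_ZONE" "$@" "$zone"
}

# Usage (file names are placeholders):
#   check_zone example.org.signed Kexample.org.key P7D PT1H || echo "do not publish" >&2
```

Treating any non-zero status as "do not publish" keeps the gate fail-closed when the trust anchor is unreadable or a period is mistyped.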

FILES

       /var/lib/unbound/root.key
              The file from which trusted keys are loaded for signature
              chasing, when no -k option is given.

SEE ALSO

       unbound-anchor(8)

AUTHOR

       Written by the ldns team as an example for ldns usage.

REPORTING BUGS

       Report bugs to <ldns-team@nlnetlabs.nl>.

COPYRIGHT

       Copyright (C) 2008 NLnet Labs. This is free software. There is NO
       warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
       PURPOSE.

                                  27 May 2008               ldns-verifyzone(1)